There's no accounting for users' actions... They open attachments, install nasty software, hit dodgy websites, and call numbers with no questions asked without ever thinking about it. You seem surprised.
Big Blue securo-bods warn of dire Dyre Wolf AMONG WOLVES
Infosec experts have spotted a nasty variant of a banking malware – dubbed Dyre Wolf – which involves a sophisticated two-factor authentication workaround that has apparently led to the theft of more than $1m from the biz world. Wrongdoers have demonstrated what IBM Security described as "a brazen twist from the once-simple …
COMMENTS
-
Monday 6th April 2015 16:45 GMT GBE
Users are like that.
A couple years ago I got a phone call claiming to be from a large brokerage and financial services firm. The caller said there was something in my account that needed to be updated, but first she needed my birth date, account numbers, and social security number to confirm my identity.
I said I'd call back on the corporation's toll-free number. She said she'd put a note in my account so that whoever got my call would know what needed to be done. Before I hung up, I asked her if people usually provide all that information over the phone when she calls them out of the blue like that.
She said "always".
At that point, I realized that Bruce Schneier was right. Crypto can't solve the problem: the weak point in computer and network security is in the wetware.
[I then hung up, called the company's toll-free number, the aforementioned note was on my account, and we took care of whatever it was that needed to be done.]
-
-
Sunday 5th April 2015 08:10 GMT Richard Jones 1
I am not the big bad wolf I'm granny with a sore throat.
It worked so well for children's stories that the same ruse works on grown (groan) ups. There was a time when banks and customers, especially large customers, had a relationship. Now anything goes, the customer's clerk does not know who they are calling anyway and probably has no idea which is the right number to call. One could ask what happened to training, but as the instructions are all 'on screen' training is not needed and 'we must save money'.
Yes, to give it to the crooks!
-
-
This post has been deleted by its author
-
-
-
Monday 6th April 2015 08:26 GMT TeeCee
Of course if it actually were an extinct wolf rather than a variant of the Dyre[1] malware they were talking about, you'd have a point.
But it isn't. So you don't. You muppet.
[1] Clearly spelled as such throughout the article and the referenced one, so heck knows where you got "Dyer" from.
-
-
-
Monday 6th April 2015 15:00 GMT Alistair
ummm.. what?
"is that the attackers are bold enough to use the same phone number for each website"
The image *implies* that it would be a toll free number...
Aren't those "toll free numbers" tracked somewhere? Or are these folks putting up some nasty bugger's cellphone number?
I suppose the software could be set up to pull that info from a server somewhere out there ...
If any *real* amount of $$$ had been sucked up from any company of any size this would already have been shut down. Sadly the SMEs that are likely getting hit are *too small to be bailed out*.